We are facing a peculiar issue in our network. When trying to access mail.indiatimes.com (18.104.22.168) website 80% of time it doesn't open. We have to keep disconnect and try again to open the web page. From the wireshark traces we can observe 3 way TCP handshake is happening. After that client is sending GET HTTP request & HTTP ACK is sent by web server. Now client is sending FIN, ACK to web server without waiting for HTTP OK response.
In what scenarios this will happen?
Uploaded the wireshark -> http://www.4shared.com/file/hgI1MERD/ITC-Fail.html
With Regards, Balaguru S
This question isn't really Wireshark related so it's probably better asked elsewhere: stackexchange ?
That being said:
"From the wireshark traces we can observe 3 way TCP handshake is happening. After that client is sending GET HTTP request & HTTP ACK is sent by web server. Now client is sending FIN, ACK to web server without waiting for HTTP OK response."
Looking quickly at the capture and at each of the 3 TCP "conversations", the above is somewhat incorrect:
So: to me the real question: Is the server replying and the reply is being lost or is the server not replying.
I'm not familiar with troubleshooting GPRS connections so I can't provide any further info.
There are 3 TCP streams in your tracefile, each with a different pattern:
When looking at the MSS values in the TCP SYN packets, the client advertises a MSS of 1420, which may or may not be lowered by intermediate devices on the way to the server. Then the server advertises a MSS of 1400 which might already have been lowered by devices in between the server and the capture point.
Combining that with the FIN/ACK in frame 26, there might be an issue in adjusting the MSS value on intermediate devices because the server seems to have sent a TCP segment of length 1401. The only way to verify this hypothesis is to make traces at multiple points in the network including one as close to the server as you can get (even if it is just the INternet exit point from the mobile network).
(In this analysis I just focussed on the TCP part of the tracefiles as I do not have any experience with mobile protocols)
answered 29 Sep '11, 00:30